CVE-2007-4816
Published 2007-09-11
Priority: P2 · 64 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 9.08% (94.7th percentile)
Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| baofeng | storm | <= 2.8 | — |
| baofeng | storm | — | — |
| baofeng | storm | — | — |
Detection & IOCs (extracted from sources)
- Monitor ActiveX instantiation of the BaoFeng2 storm control (Mps.dll) in browser processes; alert on unusually long property values set for URL, backImage, or titleImage properties.
- Detect calls to the advancedOpen method of the Mps.dll ActiveX control with an abnormally long first argument, which is an exploitation vector.
- Detect calls to isDVDPath or rawParse methods of the Mps.dll ActiveX control with long arguments as exploitation indicators.
- Inspect .smpl playlist files for an item element containing an abnormally long path attribute, which is used as an exploitation vector against the BaoFeng2 ActiveX control.
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck · 7.5 HIGH
GHSA
GHSA-cq8v-9fqj-p7rf: Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps
ghsa_unreviewed·2022-05-01
CVE-2007-4816 [HIGH] CWE-119 GHSA-cq8v-9fqj-p7rf: Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps
GHSA
GHSA-x9q7-pv5c-35wg: Multiple buffer overflows in a certain ActiveX control in sparser
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-4943 [HIGH] CWE-119 GHSA-x9q7-pv5c-35wg: Multiple buffer overflows in a certain ActiveX control in sparser
Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
VulnCheck
baofeng storm Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2007·CVSS 7.5
CVE-2007-4816 [HIGH] baofeng storm Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected: baofeng storm
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://betanews.com/2008/05/19/ten-thousand-servers-hit-in-sql-injection-hack/
No detection rules found.
No writeups or analysis indexed.
- http://osvdb.org/40491
- http://secunia.com/advisories/26749
- http://www.milw0rm.com/sploits/09082007-storm.zip
- http://www.securityfocus.com/bid/25601
- http://www.vupen.com/english/advisories/2007/3111
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36540
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36542
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36543
- https://www.exploit-db.com/exploits/4375